Facebook: Forward us your phishing emails

Take a look inside your spam folder and you’ll find a variety of phishing emails purporting to come from the likes of eBay, PayPal, and Facebook. The social network has decided to take matters into its own hands, setting up an email address (phish@fb.com) to which users can forward phishing emails. Facebook will then investigate the emails, trying to determine where they came from and who sent them.

Phishing is a big problem for any popular commerce or social networking site on the internet, but Facebook is taking steps to try to ease it. Mark Hammel, a Facebook engineer, says, “We have a pretty robust team here to deal with bad actors. This will give us extra visibility into people's e-mail inboxes, where there wasn't a good feedback mechanism in place.”

So, what exactly does Facebook do with forwarded emails? The team takes a look at the URLs found within the emails and forwards those URLs on to browser creators as well as search engines in an attempt to get them blacklisted. Once a URL is added to a browser blacklist, for example, users should be warned and steered away before clicking through and entering any sensitive information.

Trying to find the root of the problem is still Facebook’s primary goal, however. The team will send out cease-and-desist letters to any hosting companies found harboring the phishing websites, and potentially file criminal complaints if they discover who's behind the emails. The big problem for Facebook is that phishers often move quickly, taking down websites and putting up new ones in an attempt to circumvent blacklists. How effective the new email address is depends entirely on how fast the investigative team can move.